RBNZ Banking Supervision Handbook: BS8 Connected Exposures Policy
|
|
| Regulator |
Reserve Bank of NZ |
| Jurisdiction |
NZ |
| Status |
live |
| Applicability |
Platform |
BS8 is the RBNZ Banking Supervision Handbook standard governing connected exposures (related
party credit risk) for registered banks. It limits the aggregate credit exposure a bank may have
to connected persons — major shareholders (≥10%), directors, senior managers, and their
associates and related entities — to prevent conflicts of interest and concentration risk that
could undermine the bank's financial soundness.
Under BS8, aggregate connected exposures must not exceed 15% of Tier 1 capital (or the lower
limit specified in a bank's conditions of registration). Individual connected party exposures and
aggregate connected group exposures both count against the limit. Connected party transactions
must be conducted on arm's length terms.
BS8 is being superseded by the DTA Related Party Exposures Standard,
which takes effect 1 December 2028. The current BS8 version (October 2023) replaced the prior
version from October 2021. Until the DTA standard takes effect, BS8 remains operative.
Compliance register
This register maps every material obligation under BS8 to the platform control or institutional
process that satisfies it. It is the static traceability layer for the Totara compliance report —
dynamic data (module build status, test evidence, control test dates) is overlaid at runtime.
Scope legend
| Symbol |
Meaning |
| 🤖 Automated |
Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced |
Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional |
Obligation is met by a process entirely outside the platform — board governance, credit committee, legal. Platform may generate evidence inputs but does not own the process. |
| N/A |
Obligation does not apply to this deployment configuration. |
Build legend
| Symbol |
Meaning |
| ✅ |
Module built and deployed |
| 🔨 |
Module planned — not yet built (build_status: Not started) |
| ❌ |
Uncontrolled gap — no module attributed |
Connected party identification
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| BS8 §4 |
Identify all connected persons — major shareholders (≥10%), directors, senior managers, and their associates |
📊 Evidenced |
GOV-009 |
MOD-147 (CALC) — related party status sourced from CDD profile (MOD-010); UBO linkage and relationship type maintained in the customer record; identification is automated, board register is institutional |
🔨 |
| BS8 §4 |
Identify connected groups — aggregate all entities under common control or common ownership with a connected person |
🤖 Automated |
GOV-009 |
MOD-147 (CALC) — group aggregation logic applies ownership threshold rules continuously; no manual aggregation step |
🔨 |
| BS8 §5 |
Update connected person register when ownership, board composition, or management changes |
📊 Evidenced |
GOV-009 |
MOD-147 (CALC) — register recalculates automatically when CDD or counterparty profile is updated; board register update is an institutional notification process |
🔨 |
Exposure limits
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| BS8 §6 |
Ensure aggregate connected exposures do not exceed 15% of Tier 1 capital (or conditions-of-registration limit) |
🤖 Automated |
GOV-009, CRE-005 |
MOD-147 (CALC) — connected exposures calculated continuously as a percentage of Tier 1 capital (sourced from MOD-033); real-time monitoring without end-of-day lag |
🔨 |
| BS8 §6 |
Alert in advance of limit breach — give the Board time to act before a breach occurs |
🤖 Automated |
GOV-009 |
MOD-147 (ALERT) — alert fires when aggregate connected exposure approaches the 15% Tier 1 limit; configurable pre-warning threshold (default: 80% of limit) |
🔨 |
| BS8 §6 |
Obtain RBNZ approval for any transaction with a connected person that would exceed permitted limits |
🏛 Institutional |
GOV-009 |
MOD-147 (ALERT) provides near-limit alert. RBNZ engagement and approval is an institutional regulatory process. |
— |
| BS8 §7 |
Transact with connected persons on arm's length terms |
🏛 Institutional |
GOV-009 |
MOD-147 captures exposure quantum and relationship type as an evidence record. Arm's length determination is a legal and governance process. |
— |
Monitoring and reporting
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| BS8 §8 |
Monitor connected exposures continuously and update calculations when new facilities are drawn or positions change |
🤖 Automated |
GOV-009, CRE-005 |
MOD-147 (CALC) — exposure aggregation is event-driven; any new drawdown, balance change, or counterparty profile update triggers a recalculation; no scheduled batch dependency |
🔨 |
| BS8 §9 |
Report connected exposures to RBNZ on the prescribed schedule |
🤖 Automated |
GOV-009 |
MOD-036 (AUTO) — connected exposure figures sourced from MOD-147 and included in the RBNZ BS prudential return automatically |
🔨 |
| BS8 §10 |
Disclose connected exposures in quarterly and annual disclosure statements (BS3B/BS3C) |
🤖 Automated |
GOV-009 |
MOD-036 (AUTO) — connected exposure disclosure tables populated from MOD-147 output via the return data pipeline |
🔨 |
Board governance
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| BS8 §11 |
Board credit committee approval required for credit transactions with connected persons approaching or at the limit |
🏛 Institutional |
GOV-009 |
MOD-147 (ALERT) triggers the approval workflow by alerting the credit committee. Approval decision is institutional — the board credit committee makes and records the decision. |
— |
| BS8 §11 |
Board to review connected exposure policy annually and confirm compliance |
🏛 Institutional |
GOV-009 |
MOD-147 provides the annual connected exposure report data. Board review and sign-off is an institutional governance act. |
— |
| Obligation |
Owner |
Platform evidence input |
| Board register of connected persons (directors, major shareholders, their associates) |
Company Secretary |
MOD-147 aggregates and quantifies exposures; the register itself is maintained institutionally |
| Arm's length certification for connected party transactions |
Board / Legal |
MOD-147 logs transaction dates, amounts, and counterparty details as the evidence base |
| RBNZ notification of near-limit or limit-breach events |
CFO / CEO |
MOD-147 alert provides the data for RBNZ notification |
| External auditor review of connected exposure disclosure |
External Auditor |
MOD-036 provides the data lineage; MOD-147 provides the exposure calculation audit trail |
Coverage summary
| Area |
Total obligations |
Platform automated 🤖 |
Platform evidenced 📊 |
Institutional 🏛 |
N/A |
| Connected party identification |
3 |
1 |
2 |
0 |
0 |
| Exposure limits |
4 |
2 |
0 |
2 |
0 |
| Monitoring and reporting |
3 |
3 |
0 |
0 |
0 |
| Board governance |
2 |
0 |
0 |
2 |
0 |
| Total |
12 |
6 (50%) |
2 (17%) |
4 (33%) |
0 (0%) |
All attributed modules are currently build_status: Not started. The DTA Related Party Exposures
Standard (effective 1 December 2028) supersedes BS8 — see
nz-dta-related-party-exposures for the forward obligation
register.
| Policy |
Title |
| GOV-009 |
Related Party Transactions Policy |
| CRE-005 |
Concentration Risk Policy |
See D08 Governance & Accountability for the full risk domain.
Official documentation
Policies referencing this standard
(None yet)
Compiled 2026-05-22 from source/entities/regulations/nz-bs8.yaml